What Is an Audit?
An audit is engagement performed by an independent Certified Public Accountant to determine if the financial statements of the Association are materially correct, if they are presented in accordance with generally accepted accounting principles (GAAP), and if they have adequate disclosures. This is done by Assessing Risk and ensuring audit procedures reduce the various assertion Risks to low.
- Independence – Is a matter of fact and appearance. The CPA should not, except in very limited circumstances, have ownership within the Association they audit. The CPA should not be paid based on the outcome of the audit or tax returns. The CPA must maintain objectivity in all circumstances and keep an attitude of skepticism. The CPA must not be swayed by personalities or the need to “keep the client happy”.
- Materially Correct – The auditor, using judgment, determines materiality. The CPA professional guidelines set fairly high materiality standards. The CPA looks at each association and separately assesses the materiality amount. This means that the CPA does not look at each and every transaction – a common misconception. The CPA may randomly look at smaller transactions, but it is not a requirement.
- GAAP – Generally accepted accounting principles for Associations require that the financial statements be presented on the accrual basis of accounting, with full disclosures and supplementary information on the replacement fund (basically a recap of the reserve study). GAAP does not require fund accounting, but recommends it. GAAP suggests that property is not capitalized on the financial statements of Associations unless it is personal property that can be sold by the Board, but allows the option (and requires it in some circumstances) to place the common areas on the books of the Association.
- Disclosures – GAAP requires specific standard disclosures on the type of association, accounting methods, tax choices, and other such items. Other disclosures often missed or not understood include the following:
- FDIC limitation exceeded
- Related party transactions
- Litigation
- Special assessments
- Contingencies
- Subsequent events
- Risk Assessment (Fraud & Error) – The CPA assesses the risk of whether amounts on the financial statements are misstated in some way. The CPA generally assesses risk on account balances as either low, medium or high.
An auditor is always on the lookout for fraud; however, a regular audit is not considered to be a fraud or forensic audit.
The client is responsible for setting up systems for detection of fraud, as for reporting any potential fraud to the auditors. During the audit process, the CPA will be looking for incentives, opportunities and attitudes with regards to either fraudulent financial reporting or misappropriation of assets. Some brief examples:
- Incentives/Fraudulent Financial Reporting – Board promises the manager a bonus at the holidays if security costs are 10 percent less than last year.
- Attitudes/Misappropriation of Assets – The manager feels underpaid and unappreciated, so justifies taking the clubhouse rental monies that come in cash.
- Opportunities/Misappropriation of Assets – There are no controls in place when collecting laundry coins.
In an audit, the CPA may also find errors. If the error is due to a weakness in Internal Controls, then it will be noted in the Report of Internal Control.
- Assertions – CPAs also are required to consider various assertions and their assessment of risk.
- Cutoff – e.g. looking for accounts payable at 12/31
- Existence – e.g. bank statement to prove the money exists
- Completeness – e.g. testing miscellaneous income to be sure that ALL revenue is recorded
- Accuracy – e.g. that the amounts are mathematically correct
- Classification – e.g. whether an expense is operating or reserve
- Valuation – e.g. bad debt allowance – will all A/R be collected
- Rights & Obligations – e.g. requirements in loan to keep money in that bank
An audit also examines the internal control policies, as well as accounting procedures. It is an auditing requirement that CPAs include significant and material deficiencies in internal control policies in a separate Report of Internal Control. Basically the CPA has to evaluate every journal entry we make and determine if there was some control failure. There are also other control issues that need to be included – lack of bank statements, funds in excess of FDIC, approvals missing from minutes for such items as bad debt write-offs or reserve expenses are a few examples.